Spam Prevention

In order to optimize deliverability and get the best inbox placement rates, you need to establish yourself as a legitimate sender by developing a good reputation with mailbox providers (like Gmail and Hotmail). Here’s how:

  1. Permission – only email people who have subscribed to receive your mail
  2. Transparency – make sure your content is relevant to the recipient. Display meaningful information in the Subject, From, and Reply-to headers
  3. Remove hard bounces (invalid recipient addresses) immediately from all future mailings
  4. Stop sending to recipients who don’t want your mail, specifically:
    • Remove spam complaints and unsubscribe requests
    • Remove inactive users (no opens/clicks in 30 days)
  5. Suppress recipients who you know (for any reason) should not be mailed
  6. Ensure that DKIM is set up and verified for your sending domains
  7. Avoid the following BAD practices:
    • Sending messages without testing and proofreading
    • Hiding the sender or using a misleading subject line
    • Hiding the unsubscribe link or ignoring unsubscribe requests
    • Buying email lists – especially those from untrustworthy sources
    • Selling your list to a third party without permission

Authentication is a way to prove an email isn’t forged. There are a variety of authentication methods, and there’s no best method. SPF and SenderID allow a domain owner to add a file or record on the server that the recipient server cross-checks. These are easy to implement, but some suggest they aren’t as secure. DKIM and DomainKeys embed information within the email, making it harder to forge (but they can also be harder to implement for senders and receivers).

Since there are pros and cons to the various methods, we provide support for all of the above methods.


If you don’t have an SPF record yet, you’ll need to add one for your domain. At a minimum, the value should be the following if you’re only sending mail through Mandrill for that domain:

v=spf1 ?all

If you already have a TXT record with SPF information, you’ll need to add Mandrill’s servers to that record by in the record (before the last operator, which is usually ?all, ~all, or -all).


Add a new TXT record with the name (just replace with the domain you’re setting up).

The value for the record should be one of the options listed below. There are two options because the record contains semicolons. Some DNS providers escape semicolons for you, while others require you to do it when setting up the record.

With semicolons escaped:

v=DKIM1\; k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;

With semicolons unescaped:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;
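
A check for the DKIM TXT value above, as an added example that is not Mandrill's code: it parses either form of the record (semicolons escaped or not), confirms that both yield the same tags, and decodes p= to report the RSA key size. The function names are this example's own, and the double-escaped input is a constructed failure case.

```python
import base64
# Added example: the key and both record forms are the ones shown on this page.
KEY = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3"
       "jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3"
       "tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB")
ESCAPED = r"v=DKIM1\; k=rsa\;p=" + KEY + r"\;"
UNESCAPED = "v=DKIM1; k=rsa; p=" + KEY + ";"

def parse_dkim_txt(value):
    """Split a DKIM key record into tags; separators may be escaped (\\;) or plain (;)."""
    tags = {}
    for part in value.replace("\\;", ";").split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:  # the trailing semicolon leaves an empty item, which is skipped
            tags[name.strip()] = "".join(val.split())
    return tags

def _tlv(buf, pos):
    """Return (content, next_pos) of the DER element that starts at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_b64):
    """Decode p= (base64 SubjectPublicKeyInfo) and return the RSA modulus size in bits."""
    spki, _ = _tlv(base64.b64decode(p_b64, validate=True), 0)
    _, pos = _tlv(spki, 0)                # AlgorithmIdentifier, skipped
    bit_string, _ = _tlv(spki, pos)
    rsa_key, _ = _tlv(bit_string[1:], 0)  # first byte is the unused-bits count
    modulus, _ = _tlv(rsa_key, 0)
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(value):
    """Return (tags, key_bits, problems) for a TXT value as entered or as served."""
    tags = parse_dkim_txt(value)
    checks = [(tags.get("v") == "DKIM1", "v= is not DKIM1"),
              (tags.get("k", "rsa") == "rsa", "k= is not rsa"),
              (bool(tags.get("p")), "p= is missing or empty")]
    problems = [msg for ok, msg in checks if not ok]
    bits = None if problems else rsa_modulus_bits(tags["p"])
    return tags, bits, problems

if __name__ == "__main__":
    # Constructed failure case: the escaped form entered where the provider escapes again.
    doubled = ESCAPED.replace("\\;", "\\\\;")
    for label, value in (("escaped", ESCAPED), ("unescaped", UNESCAPED), ("doubled", doubled)):
        print(label, check_dkim_record(value)[1:])
```

Run it against the value your DNS provider actually serves for the record: a stray backslash left in a tag means the semicolons were escaped twice.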